Purpose of this information
This information
describes overview and planning information for z/OS Integrated Cryptographic
Service Facility (ICSF). The z/OS Cryptographic Services includes
these components:
- z/OS Integrated Cryptographic Service Facility (ICSF)
- z/OS Open Cryptographic Services Facility (OCSF)
- z/OS System Secure Socket Level Programming (SSL)
- z/OS Public Key Infrastructure Services (PKI)
ICSF is a software element of z/OS that works with hardware
cryptographic features and Security Server (RACF) to provide secure,
high-speed cryptographic services in the z/OS environment. ICSF provides
the application programming interfaces by which applications request
the cryptographic services. The cryptographic feature is secure, high-speed
hardware that performs the actual cryptographic functions.
The
cryptographic hardware features available to your applications depend
on the server.
ICSF features
ICSF provides support for:
- ANSI Data Encryption Algorithm (DES) and Advanced Encryption Standard
(AES) encryption and decryption.
- DES key management and transport.
- AES key management and transport.
- Financial services, including PINs, payment card industry transactions,
and ATMs.
- Public key operations, including key generation, digital signatures
and wrapping symmetric keys for transport.
- MAC and hash generation.
- Acceleration of handshake and frame encryption for SSL.
- PKCS #11 API.
Who should read this information
This information
is for chief information officers, information system executives,
and information security professionals and auditors. Installation
managers and security administrators who are responsible for planning
the data security strategy for their installation will also find this
information to be helpful. This publication applies to installations
that have z/OS with ICSF and a hardware cryptographic feature installed.